Though a few years old (2004), this <a href="http://www.pcreview.co.uk/forums/thread-1588287.php">discussion thread</a> supplies a lot of useful information on anti-sniffing methods. Most of these methods deal with handling the people side of the problem. This <a href="http://www.pcflank.com/art28.htm">article</a> also supplies some information of interest.
Using SSH, IPSec or other solutions to encrypt your traffic would probably be the best solution. Encryption is not invulnerable; even if the crypto holds up (it should), someone can steal the keys. You should also be using switches and not hubs. Switches prevent passive sniffing attacks and require attackers to flood the switch or do a man-in-the-middle attack to read most traffic. You should also use port security on your switches. Port security (as implemented by Cisco) allows you to restrict the number of MAC addresses that can communicate through each physical switch port. If the switch detects a second MAC address, it can either shut down the port, refuse to accept traffic from the new address, or alert the network administrator through an SNMP trap. Since attackers spoof additional MAC addresses in order to conduct the man-in-the-middle and flooding attacks that allow them to sniff on a switched network, port security will prevent most sniffing.
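An added example (not from the original article or any vendor tool): a Python audit that applies the same MAC-count-per-port rule to a switch's MAC address table and lists access ports that have learned more addresses than allowed. The sample table is constructed, and the `max_macs` limit and `uplinks` set are assumptions to adjust for your own network.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `show mac address-table` output
# (not captured from a real switch).
SAMPLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4401    DYNAMIC     Fa0/1
   1    0011.2233.4402    DYNAMIC     Fa0/2
   1    0a1b.2c3d.0001    DYNAMIC     Fa0/3
   1    0a1b.2c3d.0002    DYNAMIC     Fa0/3
   1    0a1b.2c3d.0003    DYNAMIC     Fa0/3
  10    0011.2233.4410    DYNAMIC     Gi0/1
  10    0011.2233.4411    DYNAMIC     Gi0/1
   1    0011.2233.44ff    STATIC      CPU
Total Mac Addresses for this criterion: 8
"""

# One table row: VLAN, dotted-hex MAC, entry type, port name.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(table_text):
    """Return {port: set of dynamically learned MACs}; static entries are skipped."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            ports[m.group(4)].add(m.group(2).lower())
    return ports

def audit(table_text, max_macs=1, uplinks=()):
    """Return {port: sorted MACs} for non-uplink ports above max_macs.

    Uplink/trunk ports legitimately carry many MACs, so they are excluded.
    """
    return {
        port: sorted(macs)
        for port, macs in macs_per_port(table_text).items()
        if port not in uplinks and len(macs) > max_macs
    }

if __name__ == "__main__":
    for port, macs in audit(SAMPLE, max_macs=1, uplinks={"Gi0/1"}).items():
        print(f"{port}: {len(macs)} MACs learned (limit 1): {', '.join(macs)}")
```

Ports flagged here are the ones where enabling port security with the same limit would trigger a violation, so the audit is a useful check before turning the feature on.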